"fleeceware" | 100 million+ android devices are in danger

Security firm Sophos has once again warned of the dangers of “fleeceware” on the Google Play Store.

Fleeceware is a term for apps “where users could be charged excessive amounts of money for apps if they don’t cancel a ‘subscription’ before the short free trial window ends.”

Sophos had previously warned of the dangers of fleeceware but, rather than recovering, the problem has only gotten more serious.

Following Sophos’ initial report, Google removed the apps that were highlighted, but corrupt developers have continued to create and release new fleeceware apps. In fact, “the total number of installations of these apps, as reported on Google’s Play pages, is high: nearly 600 million in total, across fewer than 25 apps; A few of the apps on the store appear to have been installed on 100 million+ devices, which would rival some of the top, reliable app publishers on Google Play.”

What about uninstalling the apps?

To make matters worse, uninstalling the app does not cancel the subscription.

Many publishers of these apps have a complicated process for canceling, designed to extend the “subscription” as long as possible. Sophos recommends keeping copies of all correspondence with one of these publishers so it can be shared with Google if needed.

600 million downloads spread out over less than 25 apps is a shocking number of malicious downloads and illustrates the need for Google to do a better job of vetting apps.